Overview

Rush University Medical Centre (Rush) is a not-for-profit healthcare, education, and research enterprise with a 664-bed academic medical centre that includes hospital facilities for adults and children. In addition to the University Medical Centre, Rush also includes Rush University, Rush Oak Park Hospital, and Rush Health with a total of 8,000 employees. Rush offers residency and fellowship programs in medical and surgical specialties to more than 2,000 students.

With a large and experienced IT team, Rush manages three data centres across its campuses. The organisation currently supports approximately 1,600 virtual desktops and 600 virtual servers, along with 10,000 physical desktops. The Rush IT team is tasked with supporting users on all devices, including smartphones and tablets. Rush operates proprietary wireless networks for its doctors, nurses, students, and support staff, while it also provides public Wi-Fi for patients and families. Rush was recently named one of Hospitals and Health Networks Most Wired organisations for 2014. “We cover the gamut of everything you would find in a modern academic medical centre, including one of the most advanced electronic medical records systems,” said Jaime Parent, Associate CIO, Vice President IT Operations at Rush University Medical Centre.

In addition to being a premier medical facility in Illinois, Rush is also committed to the community it serves. Recently, Rush founded the EN-Abled Veteran Program, which trains and prepares transitioning military veterans in healthcare IT. As a result of the program, veterans from conflicts in Iraq and Afghanistan are learning skills that will help them succeed in the healthcare IT marketplace.

Challenges

Rush University Medical Centre’s IT leadership knows the importance of providing protection to all levels and types of customers that are on site at the hospital and supporting facilities, such as doctors, nurses, staff, technicians, and patients. To provide that protection, they’re always looking for the very best in IT security. However, in 2011 Rush realised their former security vendor did not have the tools or the capabilities to defend against a new breed of advanced threats.

In one attack, Rush was hit hard by the Conficker virus, a computer worm that targets Microsoft Windows environments and creates botnets that can steal valuable network data. Their existing security could not identify and resolve the virus. This was a major concern for Rush, because their network holds patient, research, and other hospital-related data. “Like any major medical facility, Rush operates 24/7/365, so we could not simply shut down the system and search for a solution,” said Parent.

Another issue for Rush was dealing with unknown and zero-day attacks that were assaulting its network on a regular basis. “We were challenged in balancing a growing security architecture against emerging persistent threats,” said Alex Radenkovic, Information Security Engineer at Rush University Medical Centre. “An attacker can deploy new attack techniques when capable defences have not yet been deployed, leaving the attacker with the upper hand.”

Daily scanning presented another challenge for the medical facility. The scanning by its previous endpoint security provider was impacting performance of users across its network. Because scanning was scheduled for mid-day, the solution caused processing delays that reduced user productivity for all levels of users. As a result, some Rush employees would work on their own personal laptops, smartphones, and tablets to avoid the scan, leaving Rush with a mix of managed and unmanaged endpoints. “As a medical centre, we have to make sure we have the monitoring and security to ensure compliance across all of our users’ many devices,” said Parent.

Some of the primary compliance regulations that Rush needs to meet include the Health Information Portability Act (HIPAA) on the medical side, the Family Educational Privacy Act (FERPA), which protects the privacy of student education records, state regulations, and Public Health Information (PHI).

As if zero-day attacks, scanning issues, and compliance problems weren’t enough, Rush was concerned that its current solution could not meet the demands of its modern data centre. Rush was looking for a solution that would protect its virtual desktop infrastructure (VDI) and virtual servers, and provide virtual patching that shields potential vulnerabilities before attackers can take advantage of them.

Finally, Rush IT was concerned with malware entering the system via unauthorised USB devices being brought onto campus. “Once we learned about the sophisticated nature of the new threat landscape, we knew we had to protect the entire hospital network,” said Parent. “And we had to handle the scanning issue that was impacting user performance.”

“Once we understood how much traffic we had to manage, how much malicious traffic to block, and the magnitude of the threats, it was easy to make the case for Trend Micro.”

Jaime Parent, Associate CIO, Vice President IT Operations at Rush University Medical Centre

Solution

Impressed with the results of the OfficeScan endpoint protection solution, Rush decided to switch to Trend Micro and deploy the Trend Micro™ User Protection solution in 2012. The solution includes OfficeScan, as well as email and collaboration security, web security, mobile security, and integrated data loss prevention. The result is a protective shield that is extremely difficult for cyber criminals to penetrate.

In addition to providing protection across Rush endpoints, OfficeScan uncovered far more malware than Rush’s previous security solution and delivered much faster virus scans that did not impact user productivity. “The technology used by Trend Micro was much less intrusive on the CPU, so scans were completed much faster and users stopped complaining,” said Parent. “And the scans were identifying viruses and Trojans that our previous solution did not detect. Put all that together and it’s pretty clear that Trend Micro’s solution was a superior product.”

“We use Deep Security to protect our VDI and virtual servers. The solution provides a comprehensive, agentless security platform for our virtual environment, and we plan to use it for our cloud server implementation,” said Radenkovic. “In addition to maximising protection for our VDI environment, Deep Security provides virtual patching that shields vulnerabilities before they can be exploited, eliminates emergency patching, frequent patch cycles, and costly system downtime.”

“With Deep Discovery, Rush can monitor the entire network for attacks, analyse malware using sandboxing, and quickly assess and react to the threat,” said Radenkovic. “Deep Discovery is a virtual powerhouse. In the last 90 days Deep Discovery has examined and investigated over 100,000 samples and more than half-a-million viruses and other malware were blocked using OfficeScan.”

One example of the multi-layered support that Trend Micro provides to Rush was when a user downloaded zero-day malware to a PC within the Rush network. Deep Discovery inspected the suspicious malware and ran the threat through its sandbox technology to see what harm it could do and what type of system it could infect. “We actually were able to watch the malware trying to contact its Command and Control servers to get new code and steal our data,” said Parent. “We would have had an outbreak if it wasn’t for Deep Discovery.”

The solution’s centralised management also offers significant benefits. It allows Rush to monitor the health and status of servers, workstations, laptops, compliance—all from a single screen. “Trend Micro™ Control Manager™ solution gives you incredible user-based visibility into what’s going on in your computing environment. It also gives you everything you want from a reporting device—data ranges, graphs, advanced views, and extremely detailed logs,” said Radenkovic.

Trend Micro’s support team also played an important role in helping Rush quickly realise the solution’s benefits. “With Trend Micro’s Premium Support Program, the support team not only helped us install and configure software, they taught us how to use their products just like they do,” said Radenkovic. “The level of professionalism and expertise was very impressive—it feels like we’re all on the same team—it’s a fantastic collaboration.”

Why Trend Micro

After evaluating several leading security vendor solutions, Rush was most impressed with Trend Micro because of the quality and effectiveness of their solutions. The Rush IT leadership was also swayed by the level of engagement from the Trend Micro account team who took the time to understand the complexity of Rush’s IT challenges and tailor an end-to-end security solution for their unique environment.

“The Trend Micro team was great to work with. The camaraderie and level of discussion between the members of our organisations was the first step in our win-win relationship,” said Parent. “They provided excellent support, came on-site for strategy sessions, and really made a significant effort to understand our security requirements.”

While Trend Micro was working to tailor a solution, Rush experienced another malware attack that made it appear as though some of their files were disappearing. However, with Trend Micro’s help, this time Rush was prepared to defend its environment. The virus was eradicated and a strategy was provided to prevent the virus from being retransmitted. “We all pitched in and collaborated to eliminate the virus,” said Parent. “Even though Trend Micro had only seen this virus at one or two other sites, they were able to stop it.”

When a 30-day Proof of Concept for Trend Micro™ OfficeScan™ was completed, Rush IT recognised not only the number of threats they were facing, but where the threats were coming from. “Once we understood how much traffic we had to manage, how much malicious traffic to block, and the magnitude of the threats, it was easy to make the case for Trend Micro,” said Parent.

Results

Since switching to Trend Micro in 2012, Rush University Medical Centre has recognised several significant benefits in both the level of network protection and increased user performance. Trend Micro’s User Protection allows the Rush IT team to manage users from a single console, giving Rush complete visibility into security across their IT environment. “Since switching to Trend Micro, our computing environments are now stable. Once we deployed Deep Discovery we have not had any major outbreaks—they helped us identify the infection source and attack vector, so we could address the threat right away,” said Radenkovic.

“Switching to Trend Micro from our previous vendor, it would sometimes take us a day to two to figure out where the attack was coming from, involving lots of resources to correlate that data. After switching to Trend Micro, we’ve been able to identify the attack and the sources almost instantaneously.”

Trend Micro OfficeScan has improved user satisfaction with faster and more effective scanning, while making it easy to manage security. “From an overall environment perspective, the number of threats has decreased significantly since we installed Trend Micro solutions,” said Parent. “We can see from the logs provided by the solution that it’s really working.”

With Trend Micro now protecting their entire IT environment, Rush has peace of mind that their valuable healthcare, academic, and other sensitive information is always protected. For healthcare organisations facing ongoing attacks as well as HIPAA compliance regulations, this is very important. “With Trend Micro solutions, we have the tools to see which types of threats we are facing, and quickly resolve them before they affect our system,” said Parent. “This makes us very confident with our compliance audits.”

What's Next

Rush realises that there is no shortage of security challenges for medical centres, so they value Trend Micro as an ongoing partner and member of the strategy team. “We currently use Trend Micro encryption for our laptops, but I’d like to deploy Trend Micro encryption for all of our endpoints,” said Parent. “We’ve enjoyed a true partnership with Trend Micro and we may even develop a security solution together someday.”

“We have taken the next step in protecting our data, safeguarding our data; we are now at the next level. The threat landscape has changed and evolved here at Rush and Trend Micro has evolved with us,” said Radenkovic.

“With Trend Micro solutions, we see which types of threats we are facing and can quickly resolve them before they affect our system. This makes us very confident with our HIPAA, FERPA, and PCI compliance audits.”

Jaime Parent, Associate CIO, Vice President IT Operations at Rush University Medical Centre